From 78de17cf7095af8e86d192af8d8fbe21e6f193d9 Mon Sep 17 00:00:00 2001 From: Jeremy Kemper Date: Thu, 4 Feb 2010 14:15:16 -0800 Subject: Expose CSRF tag for UJS adapters --- .../test/controller/request_forgery_protection_test.rb | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) (limited to 'actionpack/test/controller') diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index b2a0e2e2a3..55c21bc84a 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -15,13 +15,17 @@ module RequestForgeryProtectionActions render :text => 'pwn' end + def meta + render :inline => "<%= csrf_meta_tag %>" + end + def rescue_action(e) raise e end end # sample controllers class RequestForgeryProtectionController < ActionController::Base include RequestForgeryProtectionActions - protect_from_forgery :only => :index + protect_from_forgery :only => %w(index meta) end class FreeCookieController < RequestForgeryProtectionController @@ -211,6 +215,11 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase ActiveSupport::SecureRandom.stubs(:base64).returns(@token) ActionController::Base.request_forgery_protection_token = :authenticity_token end + + test 'should emit a csrf-token meta tag' do + get :meta + assert_equal %(), @response.body + end end class FreeCookieControllerTest < ActionController::TestCase @@ -238,6 +247,11 @@ class FreeCookieControllerTest < ActionController::TestCase assert_nothing_raised { send(method, :index)} end end + + test 'should not emit a csrf-token meta tag' do + get :meta + assert @response.body.blank? + end end class CustomAuthenticityParamControllerTest < ActionController::TestCase -- cgit v1.2.3